In a fresh revelation by the Cybereason Security Services Team, a new wave of attacks linked to the notorious Andromeda malware has been uncovered, focusing on manufacturing and logistics sectors in the Asia-Pacific (APAC) region. This decades-old malware, first detected in 2011, continues to evolve, proving itself as a relentless tool in the cybercriminal arsenal.
Known for its modular nature, Andromeda has long been a favorite for hackers due to its versatility. Historically spread through malicious email attachments, infected USB drives, and secondary payloads, the malware is now leveraging more sophisticated techniques to wreak havoc. Once installed, Andromeda’s capabilities include stealing sensitive data, such as passwords, creating backdoor access, and downloading additional malware, making it a multipurpose threat for industrial espionage.
One of its standout features is its use of “USB drop attacks.” Compromised USB drives can execute malicious files automatically, infecting systems upon connection. The malware’s disguise game is strong—DLLs with inconspicuous names like “~$W*.USBDrv” and “~$W*.FAT32” are loaded using rundll32.exe to fly under the radar.
Additionally, “desktop.ini” files, typically seen as harmless system files, are being weaponized to trigger the malware’s activities.
A critical part of Andromeda’s resurgence lies in its advanced command-and-control (C2) infrastructure. During Cybereason’s investigation
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: